What's new

Weird website issue - seem to be something with the router..

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Try with dd-wrt on it just for kicks.
I found a version of DD-WRT for the Ac-1900P and it fixed the issue. I still prefer running Merlin, maybe at this point a flash back will fix the issue. Unless there are any other ideas to try and address the issue. Seems pretty obvious something got corrupted - doesn't seem like it was a hardware issue.
 
If I browse to this website:
http://heroesforhire.us

I get a page off this website:
https://www.spiceoflifepharmacy.com

1. It only happens on devices connected to the router.
2. It happens on two different PC, all browsers and my android mobile
3. If I engage the VPN on the PC or switch to Verizion data - I get the correct website.
4. If I bypass the router and connect directly to Spectrum - I get the correct site.
5. I have tried a power reset, changing DNS servers - nothing changes it.
6. Cleared browser data, Windows DNS Cache - no effect.
7. If I navigate to any subpage the correct site comes up. (ex: http://heroesforhire.us/?page_id=17)

I am running an AC-1900P on 384.13. Did a full reset on the last firmware update, is there something I am missing?? Some routing table setting or cache that I have failed to clear?

Thanks !

Is that a refurbished or used 1900P?
 
So did this not change the outcome, or did you also switch to ddwrt during that 20 mins?
The WAN IP didn't change when I swapped out the AC-1900P with the WRT-54. So by that I would conclude that the webserver was doing what it should and not giving our WAN IP weird content.
 
DD-WRT wasn't running the best on this router. 2G throughput was sketchy and clients had trouble accessing via 5G. reloaded 384.13 via rescue mode and the router is back to giving me erroneous sites.
Looks like its time to replace the router.
 
DD-WRT wasn't running the best on this router. 2G throughput was sketchy and clients had trouble accessing via 5G. reloaded 384.13 via rescue mode and the router is back to giving me erroneous sites.
Looks like its time to replace the router.
Do you see this with other URLs besides the one in this thread?
 
Do you see this with other URLs besides the one in this thread?
This is the only one I have discovered.
I have seem a few other anomalies with this unit such as wifi dropouts, slow site/dns resolves. Was not enough to worry about it, but this seems a little weird.
 
I did some more messing around with the router this morning.
I set up my PIA VPN on the router, and going through the VPN the result is still the same - which pretty much rules out any webserver/ISP issues - its solely focused on the router.
 
I did some more messing around with the router this morning.
I set up my PIA VPN on the router, and going through the VPN the result is still the same - which pretty much rules out any webserver/ISP issues - its solely focused on the router.
If you ssh to the router, and run these commands, see if anything looks unusual/unexpected. Post the results if you are comfortable doing so. Looking for rogue web processes or dns processes, or iptables rules, unexpected partitions, etc.
Code:
netstat -nltup
iptables -t nat -S
cat /etc/dnsmasq.conf
cat /tmp/resolv.dnsmasq
df
 
If you ssh to the router, and run these commands, see if anything looks unusual/unexpected. Post the results if you are comfortable doing so. Looking for rogue web processes or dns processes, or iptables rules, unexpected partitions, etc.
Code:
netstat -nltup
iptables -t nat -S
cat /etc/dnsmasq.conf
cat /tmp/resolv.dnsmasq
df

See attached txt files.
 

Attachments

  • netstat.txt
    3.6 KB · Views: 247
  • dnsmasq.txt
    500 bytes · Views: 206
  • dns.txt
    40 bytes · Views: 189
  • df.txt
    314 bytes · Views: 193
See attached txt files.
Nothing looks out of the ordinary. I might disable WPS under WiFi. Are you aware of those port forwards for 3074 and 3075? Just want to make sure they're intentional. You can probably delete the iptable.txt attachment since it includes your WAN IP and you don't need anymore problems. :)
I don't have a mastiff process on my router, but it's apparently part of the firmware. Do you use any IFTTT or AsusCloud?
 
Last edited:
How about running this on the router and seeing if the HTML looks like it's from the correct site or not?
Code:
curl -v http://heroesforhire.us/ | more
or save it to a file:
Code:
/tmp/home/root# curl http://heroesforhire.us/ -o hero.htm
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  665k    0  665k    0     0  65333      0 --:--:--  0:00:10 --:--:--  161k
/tmp/home/root# ll
-rw-rw-rw-    1 admin root        681885 Oct 26 15:00 hero.htm
 
Last edited:
How about running this on the router and seeing if the HTML looks like it's from the correct site or not?
Code:
curl -v http://heroesforhire.us/ | more
or save it to a file:
Code:
/tmp/home/root# curl http://heroesforhire.us/ -o hero.htm
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  665k    0  665k    0     0  65333      0 --:--:--  0:00:10 --:--:--  161k
/tmp/home/root# ll
-rw-rw-rw-    1 admin root        681885 Oct 26 15:00 hero.htm
Its returning code that looks very similar to the pharmacy site - nothing like what is supposed to be on the heroesforhire page. Basically mirroring what the browser is doing.
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top